org.springframework.security.web.csrf
Class CsrfToken

java.lang.Object
  org.springframework.security.web.csrf.CsrfToken

All Implemented Interfaces:

Serializable

public final class CsrfToken
extends Object
implements Serializable

A CSRF token that is used to protect against CSRF attacks.

Since:

3.2

See Also:

Serialized Form

Constructor Summary

CsrfToken(String headerName, String parameterName, String token)
Creates a new instance

Method Summary

String	getHeaderName() Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter.
String	getParameterName() Gets the HTTP parameter name that should contain the token.
String	getToken() Gets the token value.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CsrfToken

public CsrfToken(String headerName,
                 String parameterName,
                 String token)

Creates a new instance

Parameters:

headerName - the HTTP header name to use

parameterName - the HTTP parameter name to use

token - the value of the token (i.e. expected value of the HTTP parameter of parametername).

Method Detail

getHeaderName

public String getHeaderName()

Gets the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter. Cannot be null.

Returns:

the HTTP header that the CSRF is populated on the response and can be placed on requests instead of the parameter

getParameterName

public String getParameterName()

Gets the HTTP parameter name that should contain the token. Cannot be null.

Returns:

the HTTP parameter name that should contain the token.

getToken

public String getToken()

Gets the token value. Cannot be null.

Returns:

the token value